Web clients, such as web browsers operating on personal computers or on mobile computing devices, access a wide range of Internet resources (hereinbelow, “resources”), which may include files, web pages, applications, and mail servers, as well as access services, including gateways for voice and other media. Resources are generally maintained within infrastructures, which may include corporate data centers, cloud computing infrastructures, and Content Delivery Networks (CDNs).
To access a resource over the Internet, a web client must issue a request including an Internet Protocol (IP) address. To obtain the IP address, the web client generally initiates a Domain Name System (DNS) query for a resolution of a Fully-Qualified Domain Name (FQDN), such as www.example.com. DNS resolution is described in publication RFC 1035 of the Internet Engineering Task Force (IETF) entitled, “DOMAIN NAMES IMPLEMENTATION AND SPECIFICATION”, as well as in additional IETF publications related to DNS including RFCs 1033, 1034, 1912, 2181, 2136, 2535, and 4033, the teachings of which are all incorporated herein by reference. Generally, an authoritative nameserver is registered for a domain name (e.g., example.com), such that the authoritative nameserver receives DNS queries for the resolution of FQDNs that are subdomains of that domain name.
DNS queries may be made by web clients for reasons other than seeking FQDN resolution. IETF RFC 5782, the teachings of which are enclosed herein by reference, describes a protocol for DNS Blacklist (DNSBL), by which a DNS query is initiated by a mail server to check whether a mail sender is on a blacklist. The query includes an FQDN with two parts. One part is a domain name, by which the query is routed to an authoritative nameserver, and the other part is an IP address of the mail sender (in reverse octal form). The authoritative nameserver returns a response indicating whether or not the mail sender is blacklisted.
U.S. Patent Application Publication Number 2009/0083413 to Levow, et al., whose disclosure is incorporated herein by reference, describes a method for measuring a frequency of a data block appearing in email. A high frequency may indicate that a data block is spam or malware. An algorithm generates a hash code of the data block. The hash code is included in an FQDN, which is delivered in a DNS query to a nameserver.
U.S. Pat. No. 6,006,260 to Barrick, Jr., et al., whose disclosure is incorporated herein by reference, describes gathering information relating to a loading time experienced by a user of information over a network. A browser agent is sent to a user machine in response to a user request to access a Web page. The browser agent measures a download time interval and sends a modified HTTP GET request containing a performance parameter.
U.S. Patent Application 2010/0161787 to Jones, whose disclosure is incorporated herein by reference, describes a device requesting, via a browser application, content corresponding to a selected web page URL, parsing a packet capture to extract various statistics, and storing the statistics to output files.